package com.xnyzc.lhy.order.config;

import com.alibaba.fastjson.JSONObject;
import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;
import com.aliyuncs.sts.model.v20150401.AssumeRoleRequest;
import com.aliyuncs.sts.model.v20150401.AssumeRoleResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.context.annotation.Configuration;

/**
 * STS临时授权访问OSS 配置类
 */
@Slf4j
@Configuration
@EnableCaching
public class StsServiceSampleConfig {
    //STS接入地址，例如sts.cn-hangzhou.aliyuncs.com。
    private static String endpoint = "sts.cn-hangzhou.aliyuncs.com"; //华东1杭州
    private static String AccessKeyId = "LTAI4GA1HbUKjL9JtBjKqvd6";
    private static String accessKeySecret = "hnj6pIGOFpFTXoHmanDzRNLFjmVpsq";
    //角色ARN
    private static String roleArn = "acs:ram::1531629668133093:role/androiddriverapp";
    //用来标识临时访问凭证的名称，建议使用不同的应用程序用户来区分。
    private static String roleSessionName = "external-username";
    //在扮演角色的时候额外添加的权限限制
    private static String policy = "{\n" +
            "    \"Version\": \"1\", \n" +
            "    \"Statement\": [\n" +
            "        {\n" +
            "            \"Action\": [\n" +
            "                \"oss:*\"\n" +
            "            ], \n" +
            "            \"Resource\": [\n" +
            "                \"acs:oss:*:*:*\" \n" +
            "            ], \n" +
            "            \"Effect\": \"Allow\"\n" +
            "        }\n" +
            "    ]\n" +
            "}";

    //获取sts的安全令牌具体实现方法
    public static String getStsServiceSample(){
        JSONObject json = new JSONObject();
            try {
                // 添加endpoint（直接使用STS endpoint，前两个参数留空，无需添加region ID）
                DefaultProfile.addEndpoint("", "", "Sts", endpoint);
                // 构造default profile（参数留空，无需添加region ID）
                IClientProfile profile = DefaultProfile.getProfile("", AccessKeyId, accessKeySecret);
                // 用profile构造client
                DefaultAcsClient client = new DefaultAcsClient(profile);
                final AssumeRoleRequest request = new AssumeRoleRequest();
                request.setMethod(MethodType.POST);
                request.setRoleArn(roleArn);
                request.setRoleSessionName(roleSessionName);
                request.setPolicy(null); // 若policy为空，则用户将获得该角色下所有权限
                request.setDurationSeconds(1000L); // 设置凭证有效时间
                final AssumeRoleResponse response = client.getAcsResponse(request);
                json.put("Expiration",response.getCredentials().getExpiration());
                json.put("AccessKeyId",response.getCredentials().getAccessKeyId());
                json.put("AccessKeySecret",response.getCredentials().getAccessKeySecret());
                json.put("SecurityToken",response.getCredentials().getSecurityToken());
                json.put("RequestId",response.getRequestId());
            } catch (ClientException e) {
                System.out.println("获取sts的安全令牌err：" + e.getMessage());
                log.info("获取sts的安全令牌err：" + e.getMessage());
                return null;
            }
            return json.toString();
    }


    //开发者使用---测试使用
    public static void main(String[] args) {
        String res = getStsServiceSample();
        System.out.println("res :" + res);
    }
}
